Azure / azure-cli

Azure Command-Line Interface
MIT License

az debug commands leak user provided password (`x-ms-secret` fields) #20959

Open nascarsayan opened 2 years ago

nascarsayan commented 2 years ago

Describe the bug

az commands run with the debug flag display the password in the terminal. My assumption is that the logger az uses, knack.cli, cannot distinguish secrets from other string inputs.

Currently there is no way to mask the user-provided secret value (marked as x-ms-secret in the swagger) while developing az extensions.

To Reproduce

An example is az vm create --debug -g snaskar-rg --image UbuntuLTS -n test-vm-01 --admin-password Open-Secret-1

[screenshot]

An example involving an az extension:

az scvmm vmmserver connect --debug -g snaskar-rg -l eastus2euap -cl '/subscriptions/204898ee-cd13-4332-b9d4-55ca5c25496d/resourcegroups/snaskar-rg/providers/microsoft.extendedlocation/customlocations/arcvmm-1201-cl' --fqdn '10.10.10.10' --username 'host\user' --password 'Open-Secret-1' -n arcvmm-1201-vmmserver

[screenshot]

Expected behavior

Open-Secret-1 should not be displayed in the debug logs. This will be helpful if the user wants to share the logs for debugging any issues, and also if the user is running the command while sharing his screen.

Environment summary

Additional context

The complete logs can be found here.
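One way to do the masking this report asks for, as an added example that is not azure-cli, knack or extension code: a `logging.Filter` that collects the values of parameters an extension author has flagged as secret and replaces them in every formatted debug record before it reaches a handler. The set `SECRET_PARAMS`, the logger name and the sample debug records are constructed for the example (the records only approximate the shape of `az --debug` output). Secrets are registered in the encodings a debug log can carry them in (raw, JSON-escaped inside a request body, URL-quoted) and matched longest-first, so a password that contains quotes or backslashes, or that is a prefix of another secret, is still fully masked.

```python
import json
import logging
import urllib.parse

MASK = "***"

# Hypothetical: parameter names whose swagger definition carries x-ms-secret.
# Constructed for this example; azure-cli does not expose such a set today.
SECRET_PARAMS = {"admin_password", "password"}


def secret_values(args, secret_params=SECRET_PARAMS):
    """Return the values of secret-marked parameters in every encoding a debug
    log can contain them: raw, JSON-escaped (request body) and URL-quoted."""
    values = set()
    for name, value in args.items():
        if name in secret_params and value:
            values.add(value)
            values.add(json.dumps(value)[1:-1])             # {"adminPassword": "..."} in a body
            values.add(urllib.parse.quote(value, safe=""))  # query string / form encoding
    # Longest first so a secret that is a prefix of another is never half-masked.
    return sorted(values, key=len, reverse=True)


def redact(text, secrets):
    """Replace each occurrence of each secret with MASK (order of `secrets` matters)."""
    for s in secrets:
        text = text.replace(s, MASK)
    return text


class SecretRedactingFilter(logging.Filter):
    """Masks secrets in the fully formatted message, so values interpolated via
    %-args are covered as well as the format string itself."""

    def __init__(self, secrets):
        super().__init__()
        self._secrets = secrets

    def filter(self, record):
        record.msg = redact(record.getMessage(), self._secrets)
        record.args = ()  # already interpolated; prevent a second formatting pass
        return True


class _ListHandler(logging.Handler):
    """Collects formatted records so the result can be inspected or asserted."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


# Constructed records approximating what `az vm create --debug` prints; not captured output.
SAMPLE_DEBUG_RECORDS = [
    ("Request URL: %r", ("https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000"
                         "/resourceGroups/snaskar-rg/providers/Microsoft.Compute/virtualMachines/test-vm-01",)),
    ("Request body:", ()),
    ('{"properties": {"osProfile": {"adminUsername": "azureuser", "adminPassword": "Open-Secret-1"}}}', ()),
    ("Command arguments: %s", ("admin_password=Open-Secret-1 name=test-vm-01",)),
]


def redacted_debug_log(args, records=SAMPLE_DEBUG_RECORDS):
    """Emit `records` through a logger carrying the filter; return the output lines."""
    logger = logging.getLogger("example.redacted")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(name)s: %(message)s"))
    logger.addHandler(handler)
    # Logger-level filter: runs before any handler sees the record.
    logger.addFilter(SecretRedactingFilter(secret_values(args)))
    for msg, margs in records:
        logger.debug(msg, *margs)
    return handler.lines


if __name__ == "__main__":
    for line in redacted_debug_log({"admin_password": "Open-Secret-1", "name": "test-vm-01"}):
        print(line)
```

The filter is attached to the logger rather than to a handler so that every handler (terminal, `--debug` log file) gets the masked record; the trade-off is that the secret set must be built at argument-parsing time, which is exactly the hook the report says extension authors lack.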

yonzhan commented 2 years ago

Compute